Internet websites must not use the unsafe-url policy, as this tends to trigger HTTPS URLs to generally be uncovered to the wire above an HTTP connection, which defeats one of many significant privateness and protection assures of HTTPS. SSL/TLS is very suited for HTTP, since it can provide some protection http://XXX
